All official releases are tagged in Git, and signed by my key. All official releases on PyPI have a corresponding GPG signature of the build. Please be aware that pip does not check GPG signatures by default; please see this ticket if you care.

The most reliable way to verify you got what I intended is to clone the Git repository, gitcheckout a tag and verify its signature. The second-best would be to download a release + tag from PyPI and verify that.

These are the lowest-level documents, directly from the doc-strings in
the code with some minimal organization; if you’re just getting
started with txtorcon the “Programming Guide” is a better
place to start.